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L14 : Entry 2 of 6 



File: PGPB 



Jan 17, 2002 



DOCUMENT- IDENTIFIER: US 20020007452 Al 

TITLE: CONTENT PROTECTION FOR DIGITAL TRANSMISSION SYSTEMS 



Application Filing Date : 



19970811 

Current US Classification, US Secondary Class/Subclass : 
380/201 

Current US Classification, US Secondary Class/Subclass : 
705/57 

Detail Description Paragraph : 

[0043] Following the completion of the preliminary authentication phase, an 
encrypted control channel is established between the authenticated devices. This 
preliminary control channel is used to initiate the transfer of protected content 
across the bus via encrypted content channels. The transfer of content is subject 
to immediate cancellation if any security threats are detected as the second, 
highly robust full authentication phase continues in the background. 

Detail Description Paragraph : 

[0077] When Device A is requested to initiate the transmission of protected content 
to Device B, Device A checks to see if an encrypted control channel has already 
been established between the two devices. If this control channel exists, the 
devices have already authenticated each other making further authentication 
unnecessary, and the devices can immediately establish an encrypted content 
channel. If however, the control channel does not exist, preliminary authentication 
must be initiated. 

Detail Description Paragraph : 

[0105] The control channel remains available as long as both devices remain powered 
up and attached to the communications link. The control channel can be repeatedly 
used to set up and manage the security of protected content streams without further 
authentication. Depending on the strength of the channel ciphers, it may be 
desirable to change the control channel keys on a regular basis. Control channel 
keys can be updated using a signed Dif f ie-Hellman key exchange similar to the one 
used during the full device authentication process. The computation for these key 
changes would typically be a low priority background activity, which would not 
affect overall device performance. 

Detail Description Paragraph : 
[0107] Content Channel Encryption 

Detail Description Paragraph : 

[0108] Exemplary embodiments of the present invention, to establish an encrypted 
channel for . protected content , can utilize the following procedure once a secure 
control channel has been established by the preliminary or full device 
authentication procedures. Encryption of the control channel is performed to 
preserve the confidentiality of content channel keys and ensure the integrity of 
other messages. The source of the content sends a message via the encrypted control 
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channel to the compliant destination device (or devices in the case of a content 
multicast). This message contains: a randomly generated key which is unique for 
each stream of content. (K. sub . Content ) ; the symmetric cipher to use 
(Content_Algo_Select) / Cipher initialization state; the Isochronous channel 
associated with the content stream; Copy Control Information (such as CGMS bits) ; a 
sequence number initialized to the least significant 16 bits of A.sub.C and 
incremented for each additional message sent. Alternative embodiments of the 
present invention can forgo the inclusion of message elements such as the Cipher 
initialization state or the sequence number initialized to the least significant 16 
bits of A.sub.C. 

Detail Description Paragraph : 

[0110] While content is flowing across an encrypted content channel, the copy 
control information associated with the stream can be updated at any time via the 
control channel (s) between the source device and destination device (s). Upon 
updating the copy control information, the key associated with the content channel 
should also be updated . In addition, depending on the strength of the channel 
ciphers, it may be desirable to change the content channel key on a periodic basis. 
Ne w content channel keys and copy control information can be put into service when 
an indicator is transmitted over the content channel. This copy control information 
can be embedded in the content stream or as part of a header in the IEEE 13 94 
protocol, such as the CIP header. 

Detail Description Paragraph : 

[0123] A compliant device that transmits protected content must have a Channel 
Encryption Subsystem 606. Control messages, as well as protected content, are 
encrypted prior to transmission. Channel Encryption Subsystem 606 performs these 
encryptions. The keys used to encrypt the content and commands are passed to 
Channel Encryption Subsystem 606 from Authentication and Key Exchange Subsystem 
604. Channel Encryption Subsystem 606 may support more than one cipher, although 
for interoperability it is preferable that a Baseline Cipher be supported.- In a 
typical embodiment of the present invention, Authentication and Key Exchange 
Subsystem 604 specifies the particular cipher and key to be used for each packet 
transmitted. 

Detail Description Paragraph : 

[0135] Embodiments of the present invention provide a flexible system which can 
support a range of protection levels. Digital certificates enable device 
authentication which in turn facilitates the exclusion of devices which can 
circumvent the protection of the content. Furthermore, the content itself may be 
encrypted to ensure that even if it is copied, it will be in an unusable format. 
The present invention allows for a high level of content protection which can be 
implemented with a reasonable level of resources for consumer electronics equipment 
and computer systems . 

CLAIMS : 

1. A method of transferring content from a content source to a content sink, 
comprising: a) exchanging random challenges between the content source and the 
content sink; b) encrypting the exchanged random challenges with a secret key, then 
hashing the encrypted random challenges; c) exchanging the encrypted, hashed random 
challenges; d) comparing exchanged encrypted, hashed random challenges to expected 
values ; e) establishing, if the exchanged encrypted, hashed random challenges match 
the expected values, a preliminary control channel; f) establishing a preliminary 
content channel; and g) transferring content over the preliminary content channel. 

5. A method of transferring information, the method comprising: a) transmitting a 
first challenge from a first device to a second device, and transmitting a second 
challenge from the second device to the first device; b) in the first device, 
encrypting, then hashing the second challenge, and in the second device, 



http://westbrs:9000fti^ 4/16/05 



Record Display Form 



Page 3 of 3 



encrypting, then hashing the first challenge; c) transmitting the hashed, 
encrypted, second challenge to the second device, and transmitting the hashed, 
encrypted, first challenge to the first device; d) in the first device, comparing 
the hashed, encrypted first challenge to a first expected value, and in the second 
device comparing the hashed, encrypted second challenge to a second expected value ; 
e) if both comparisons in step (d) result in a match, then establishing a 
preliminary content channel; and f) transferring information over the preliminary 
content channel . 
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L14: Entry 3 of 6 



File: USPT 



Feb 22, 2005 



DOCUMENT- IDENTIFIER: US 6859790 Bl 

TITLE: Data distribution system and method thereof, data processing device, data 
control device, and machine -readable recording medium recording distribution data 



Application Filing Date (1) : 
20001018 

B rief Summary Text (10) : 

For example, the CCI (Copy Control Information) and CGMS-A/D (Copy Generation 
Management System) being considered by the CPTWG (Copy Protection Technical Working 
Group) which is an operation organization of the copyright-related industry started 
to deal with DVD-ROM copyright protection issues, and the EMI-CCI ( Encryption Mode 
Indicator-CCI) used with the 1394CP ( Content Protection) which is a copyright 
px*otection measure for inter-equipment (home electronics) digital interfaces, but 
all of these end up simply changing the names of the SCMS copy control bits and 
continuing to use the same. 

Brief Summary Text (14) : 

Now, rapid digitizing of broadcast networks, communication networks, and home 
electronics has necessitated the advent of high-level technology such as encryption 
technology and electronic watermarking technology, as a system to protect 
copyrights of digital contents . Further, the present state has reached a point 
which SCMS cannot deal with, even as a system to control copying. 

Brief Summary Text (34) : 

To this end, the data distribution system according to the present invention 
comprises: a data distributing device which adds to desired contents data which is 
the object of distribution use control information containing information of the 
number of permitted times of use, which is the number of times that arbitrary use 
including either one or both of recording and playing the contents data is to be 
permitted and generates distribution data; and a data processing device which, 
based on the information of the number of permitted times of use of the contents 
data of the generated distribution data, detects whether or not the use of the 
contents data is permitted, uses the contents data in the event that use thereof is 
permitted, and updates the use control information so as to decrease the number of 
permitted times of use based on the usage. 

Brief Summary Text (35) : 

Also, the data distribution method according to the present invention: adds to 
desired contents data, in a manner wherein external operation is impossible; use 
control information containing information of the number of permitted times of use, 
which is the number of times that arbitrary use of the contents data including 
either one or both of recording and playing the contents data is to be permitted, 
and generates distribution data,* distributes the distribution data to a desired 
distribution destination; detects whether or not the use of the contents data of 
the distribution data is permitted, based on the use control information of the 
distributed distribution data, at the distribution destination; uses the contents 
data in the event that use thereof is permitted as the result of the detection; and 
updates the use control information so as to decrease the number of permitted times 
of use according to the usage . 
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Brief Summary Text (36) : 

Also, the data processing device according to the present invention comprises: 
control information extracting means for extracting, from distribution data wherein 
use control information containing information of the number of permitted times of 
arbitrary use of the contents data including either one or both of recording and 
playing the contents data has been added to desired contents data, information of 
the number of permitted times of use from the use control information; use 
permitting means for detecting whether or not use of the content data is permitted, 
based on the extracted information of the number of permitted times of use; use 
control means for controlling the use so as to use the contents data in the event 
that use thereof is permitted as the result of the detection; using means for using 
the contents data based on the control; and control information updating means for 
updating the use control information so as to decrease the number of permitted 
times of use, based on the usage. 

Brief Summary Text (37) : 

Also, the data use control device according to the present invention is provided to 
a device which uses the contents data of distribution data wherein use control 
information containing information of the number of times that arbitrary use of the 
contents data including either one or both of recording and playing the contents . . 
data is to be permitted, is added to desired contents data to be distributed; the 
data use control device comprising: control information extracting means for 
extracting, from the distributed distribution data, information of the number of 
permitted times of use of the use control information; use permitting means for 
detecting whether or not use of the content data is permitted, based on the 
extracted information of the number of permitted times of use; use control means 
for controlling use so as to use the contents data in the event that use thereof is 
permitted as the result of the detection; and control information updating means 
for updating the use control information so as to decrease the number of permitted 
times of use, based on the usage, in the event that the contents data is used. 

Detailed Description Text (12) : 

The distribution key is sequentially validated and updated every certain period., 
such as once a month, and the key server 114 generates and stores several months 
worth of distributing keys, and .transmits several months worth together to the 
contents provider 2 00, service provider 3 00, and user home networks 40 0.sub.-l and 
400 . sub. -2 . 

Detailed Description Text (19) : 

The information of whether or not registration can be made indicates whether or not 
the contents . can be used, and for example, in the event that there is a request for 
registration from equipment in the user home networks 400. sub. -1 and 400. sub. -2, 
the user registration database is searched, and depending on the recorded contents 
thereof, the equipment is registered or registration thereof is denied. This 
information of whether or not registration can be made is continuously updated, 
based on information such as whether there have been any unpaid bills or 
unauthorized processing, etc., provided from settlement firms such as banks and 
credit companies, the service provider 300, and so forth. Accordingly, the user 
administrative unit 118 denies registration of equipment having an ID which has 
been recorded to be registration not available, due to unpaid bills for example, 
and subsequently this equipment cannot use contents . 

Detailed Description Text (167) : 

Then, the value obtained by passing the current value through the hash function 
once each time the user makes a copy is compared with the permitted number of 
generations, confirmation is made regarding whether or not this has exceeded the 
purchased number of tickets, and if not so, the copy action is permitted. 

Current US Cross Reference Classification (4) : 
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705/57 

Current US Cross Reference Classification (8) : 
713/193 

CLAIMS : 

1. A data distribution system, comprising: a data distributing device which adds to 
desired contents data which is the object of distribution use control information 
containing information of the number of permitted times of use, which is the number 
of times that use including either one or both of recording and playing said 
contents data is to be permitted; and generates distribution data; and a data 
processing device which, based on the information of the number of permitted times 
of use of said contents data of said generated distribution data, detects whether 
or not the use of - said contents data is permitted, uses said contents data in the 
event that use thereof is permitted, and updates said use control information so as 
to decrease said number of permitted times of use based on said usage; wherein said 
data processing device comprises a signal processing device wherein external 
observation and alteration of the signal processing state is impossible, and 
wherein said signal processing device performs detection of whether or not use of 
said contents data is permitted, control of use of said contents data based on said 
detection results, and updating of said use control information based on said use.; 
wherein in the event of recording said contents data, said data processing device 
generates new distribution data by adding to said contents data said use control 
information containing said information of the number of permitted times of use 
that has been newly, and performs recording with said distribution data as a unit; 
.and further comprising an administration device which is connected so as to be 
capable of communication with at least said data processing device, and which 
performs billing processing relating to the use of said contents data, based on 
information relating to use of said contents data sent from said data processing 
device; wherein said data processing device sends information relating to the use 
of said contents data to said administration device; wherein said data distributing 
device generates said distribution data by adding to said desired data information 
relating to the billing format whereby settlement can be made at said data 
processing device at the time of using said contents data, as said use control 
information; wherein said data processing device determines the billing format for 
use of said contents data, based on said information relating to billing format 
from said use control information of said distribution data; wherein said data 
processing device sends information relating to the determined billing format to 
said administration device; and wherein said administration device performs billing 
processing relating to use of said contents data, based on said information 
relating to billing format sent from said data processing device. 

2- A data distribution system, comprising: a data distributing device which adds to 
desired contents data which is the object of distribution use control information 
containing information of the number of permitted times of use, which is the number 
of times that use including either one or both of recording and playing said 
contents data is to be permitted; and generates distribution data; and a data 
processing device which, based on the information of the number of permitted times 
of use of said contents data of said generated distribution data, detects whether 
or not the use of said contents data is permitted, uses said contents data in the 
event that use thereof is permitted, and updates said use control information so as 
to decrease said number of permitted times of use based on said usage; wherein said 
data processing device comprises a signal processing device wherein external 
observation and alteration of the signal processing state is impossible, and 
wherein said signal processing device performs detection of whether or not use of 
said contents data is permitted, control of use of said contents data based on said 
detection results, and updating of said use control information based on said use; 
wherein in the event of recording said contents data, said data processing device 
generates new distribution data by adding to said contents data said use control 
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information containing said information of the number of permitted times of use 
that has been newly set, and performs recording with said distribution data as a 
unit; and wherein said data processing device sends information relating to the 
number of times of use of said contents data to said administration device; and 
wherein said administration device performs billing processing, based on said 
information relating to the number of times of use of said contents data that is 
sent . 

3. A data distribution system, comprising: a data distributing device which adds to 
desired contents data which is the object of distribution use control information 
containing information of the number of permitted times of use, which is the number 
of times that use including either one or both of recording and playing said 
contents data is to be permitted; and generates distribution data; and a data 
processing device which, based on the information of the number of permitted times 
of use of said contents data of said generated distribution data, detects whether 
or not the use of said contents data is permitted, uses said contents data in the 
event that use thereof is permitted, and updates said use control information so as 
to decrease said number of permitted times of use based on said usage wherein said 
data processing device comprises a signal processing device wherein external 
observation and alteration of the signal processing state is impossible, and 
wherein said signal processing device performs detection of whether or not use of 
said contents data is permitted; control of use of said contents data based on said 
detection results, and updating of said use control information based on said use; 
wherein in the event of recording said contents data, said data processing device 
generates new distribution data .by adding to said contents data said use control 
information containing said information of the number of permitted times of use 
that has been newly, and performs recording with .said distribution data as a unit; 
and further comprising an- administration device which is connected so as to be 
capable of communication with at least said data processing device, and which ■ 
performs billing processing relating to the use of said contents data, based on 
information relating to use of said contents data sent from said data processing 
device; wherein said data processing device sends information relating to, the use 
of said contents data to said administration device; wherein said data distributing 
device generates said distribution data containing information of number of . 
permitted times of use represented by a hash value obtained by passing a 
predetermined initial value through a hash function a number of times equal to the 
number of times that use is permitted; and information of the essential number of 
times of use represented by said predetermined initial value as use control 
information; and wherein said data processing device restricts use of said 
distribution data in the event that the hash value indicating the maximum number. of 
times of use allowed and the hash value indicating the number of times of essential 
use become the same. 

5. A data distribution method, which: adds to desired contents data, in a manner 
wherein external operation is impossible, use control information containing 
information of the number of permitted times of use, which is the number of times 
that use of said contents data including either one or both of recording and 
playing said contents data is to be permitted, and generates distribution data; 
distributes said distribution data to a desired distribution destination; detects 
whether or not the use of said contents data of said distribution data is 
permitted, based on said use control information of said distributed distribution 
data, at said distribution destination; uses said contents data in the event that 
use thereof is permitted as the result of said detection; and updates said use 
control information so as to decrease said number of permitted times of use 
according to said usage; wherein detection of whether or not use of said contents 
data is permitted, control of use of said contents data based on said detection 
results, and updating of said use control information based on said use, are 
performed within a signal processing device regarding which external observation 
and alteration of the signal processing state is impossible; wherein in the event 
that said contents data has been used, said distribution destination sends 
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information relating to use of said contents data to a predetermined administration 
device; wherein said administration device performs billing processing relating to 
use of said contents data, based on said generated information relating to use of 
said contents data; and wherein in the event of using said contents data by 
recording, this is performed by using as a unit; said distribution data containing 
said contents data and said use control information containing said information of 
the number of permitted times of use that has been newly set; wherein said 
distribution data contains information relating to the billing format for said 
contents data within said use control information; and wherein the billing . format 
for use of said contents data is determined at said distribution destination, based 
on said information relating to the billing format of said use control information 
for said distribution data. 

9., A data distribution method, which: adds to desired contents data, in a manner 
wherein external operation is impossible, use control information containing 
information of the number of permitted times of use, which is the number of times 
that use of said contents data including either one or both of recording and 
playing said contents data is to be permitted, and generates distribution data; 
distributes said distribution data to a desired distribution destination; detects 
whether or not the use of said contents data of said distribution data is 
permitted, based on said use control information of said distributed distribution 
data, at said distribution destination; uses said contents data in the event that 
use thereof is permitted as the result of said detection; and updates said use 
control information so as to decrease said number of permitted times' of use 
according to said usage; wherein detection of whether or not use of said contents 
data is permitted, control of use of said contents data based on said detection 
results, and updating of said use control information based on said use, are 
performed within a signal processing device regarding which external observation 
and alteration of the signal processing state is impossible; wherein in the event 
that said contents data has been used, said distribution destination sends 
information relating to use of said contents data to a predetermined administration 
device; wherein said administration device performs billing processing relating to 
use of said contents data, based on said generated information relating to .use of 
said contents data; and wherein in the event of using said contents data by 
recording, this is performed by using as a unit; said distribution data containing 
said contents data' and said use control information containing said information of 
the number of permitted times of use that has been newly set; wherein said billing 
is not performed for the first recording after distribution of said distribution 
data. 

10. A data distribution method, which: adds to desired contents data, in a manner 
wherein external operation is impossible, use control information containing 
information of the number of permitted times of use, which is the number of times 
that use of said contents data including either one or both of recording and 
playing said contents data is to be permitted, and generates distribution data; 
distributes said distribution data to a desired distribution destination; detects 
whether or not the use of said contents data of said distribution data is 
permitted, based on said use control information of said distributed distribution 
data, at said distribution destination; uses said contents data in the event that 
use thereof is permitted as the result of said detection; and updates said use 
control information so as to decrease said number of permitted times of use 
according to said usage; wherein detection of whether or not use of said contents 
data is permitted, control of use of said contents data based on said detection 
results, and updating of said use control information based on said use, are 
performed within a signal processing device regarding which external observation 
and alteration of the signal processing state is impossible; wherein in the event 
that said contents data has been used, said distribution destination sends 
information relating to use of said contents data to a predetermined administration 
device; wherein said administration device performs billing processing relating to 
use of said contents data, based on said generated information relating to use of 
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said contents data; and wherein in the event of using said contents data by- 
recording, this is performed by using as a unit; said distribution data containing 
said contents data and said use control information containing said information of 
the number of permitted times of use that has been newly set; wherein said 
distribution data contains information of the number of times use has been 
permitted and the number of times essentially already used, as said use control 
information, with a hash value of a hash function; and wherein detection of whether 
or not use of said distribution data is permitted, and updating of information 
indicating the number of times said distribution data has already been essentially 
used based on use of said distribution data, are performed by comparing information 
of said number of permitted times of use with information of number of times 
already used, at said distribution destination. 

13. A data processing device, comprising: control information extracting means for 
extracting, from distribution data wherein use control information containing 
information of the number of permitted times of use of said contents data including 
either one or both of recording and playing said contents data has been added to 
desired contents data, information of the number of permitted times of use from 
said use control information; use permitting means for detecting whether or not use 
of said content data is permitted, based on said extracted information of the 
number of permitted times of use; use control means for controlling said use so as 
to use said contents data in the event that use thereof is permitted as the result 
of said detection; using means for using said contents data based on said control; 
and control information updating means for updating said use control information so 
as to decrease said number of permitted times of use, based on said usage; wherein 
said control information extracting means, said use permitting means, said use 
control means, and said control information updating means are configured of a' 
signal processing device regarding which external observation and alteration of the 
signal processing state is impossible; wherein said use permitting means detects 
whether or not playing of said contents data is permitted, based on said extracted 
information of the number of permitted times of use;. wherein said use control means 
controls said using means so as "to play said contents data in the event that 
playing thereof is permitted as the result of said detection; wherein said using 
means plays said contents data based on said control; and wherein said control 
information updating means updates said use control information based on said 
playing; and further comprising distribution data generating means for adding use 
control information containing said information of the number of permitted times of 
use that has been newly set to a predetermined value to said contents data, thereby 
generating new distribution data; wherein said use permitting means detects whether 
or not recording of said contents data is permitted, based on said extracted 
information of the number of permitted times of use; wherein said use control means 
controls said distribution data generating means and said using means so as to 
record said contents data in the event that recording thereof is permitted as the 
result of said detection; wherein said distribution data generating means generates 
new distribution data using said contents data which is the object of recording; 
wherein said using means records new distribution data generated based on said 
control; and wherein said control information updating means updates said use 
control information based on said new generation of distribution data and said 
recording . 

14. A data processing device according to claim 13, wherein said distribution data 
contains information of number of permitted times of use by recording of said 
distribution data; and wherein said use permitting means detects whether or not 
recording of said contents data is permitted, based on said information of the 
number of permitted times of use by recording of said distribution data at the 
recording originating side; and wherein said distribution data generating means 
sets the number of permitted times of use by said recording of the generated 
distribution data, based on said information of the number of permitted times of 
use by recording of said distribution data at said recording originating side; and 
wherein said using means records new distribution data generated; and wherein said 
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control information updating means updates said use control information based on 
the recording of said distribution data, and the number of permitted times of use 
by recording set to said recorded distribution data. 

15. A data processing device according to claim 13, wherein said distribution data 
separately comprises information of number of permitted times of using said 
distribution data as original data for recording, and information of number of 
permitted times of using by recording for setting said distribution data as 
distribution data for recording as original data; and wherein said use permitting 
means detects whether or not recording of said contents data is permitted, based on 
information of the number of permitted times of use by recording of said 
distribution data as original data; and wherein said distribution data generating 
means sets the number of permitted times of use by recording of the generated 
distribution data, based on information of number of permitted times of using by 
recording for setting said distribution data as distribution data for recording as 
original data; and wherein said using means records said generated new distribution 
data; and wherein said control information updating means updates said use control 
information based on the recording of said distribution data, and the number of 
permitted times of use by said recording set to said recorded distribution data. 

20. A data processing device according to claim 13, wherein, in the event of using 
said contents data by recording; said distribution data generating means generates 
said distribution data containing said use control information containing 
information wherein the number of permitted times of use of said contents data is 
set to a predetermined value smaller than the number of permitted times of use by 
recording of the original distribution data; said using means records . said newly 
generated distribution data; .and said control information updating means updates 
the information of the number of permitted times of use by recording for the 
original distribution data, based on recording of said new distribution data and 
the number of permitted times of use by recording set to said new distribution 
data. 

21. A data processing device according to claim 16, wherein, in the event of newly 
increasing the number of permitted times of use of said distribution data which has 
already been distributed, said communication means transmits information to said 
administration device for requesting a desired number of times of use of said 
contents data, and receives a response to said request from said administration 
device; and wherein in the event that said received response is such that permits 
said request, said control information updating means increases the number of 
permitted times of use of said distribution data which has already been distributed 
by the maximum number of times allowed. 

25. A data processing device, comprising: control information extracting means for 
extracting, from distribution data wherein use control information containing 
information of the number of permitted times of use of said contents data including 
either one or both of recording and playing said contents data has been added to 
desired contents data, information of the number of permitted times of use from 
said use control information; use permitting means for detecting whether or not use 
of said content data is permitted, based on said extracted information of the 
number of permitted times of use; use control means for controlling said use so as 
to use said contents data in the event that use thereof is permitted as the result 
of said detection; using means for using said contents data based on said control; 
and control information updating means for updating said use control information so 
as to decrease said number of permitted times of use, based on said usage; wherein 
said control information extracting means, said use permitting means, said use 
control means, and said control information updating means are configured of a 
signal processing device regarding which external observation and alteration of the 
signal processing state is impossible; wherein said use permitting means detects 
whether or not playing of said contents data is permitted, based on said extracted 
information of the number of permitted times of use; wherein said use control means 
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controls said using means so as to play said contents data in the event that 
playing thereof is permitted as the result of said detection; wherein said using 
means plays said contents data based on said control; and wherein said control 
information updating means updates said use control information based on said 
playing; and further comprising display means for displaying arbitrary information 
of said use control information of said distributed distribution data, and 
information based on said information. 

26. A data use control device provided to a device which uses said contents data of 
distribution data wherein use control information containing information of the 
number of times that use of said contents data including either one or both of 
recording and playing said contents data is to be permitted, is added to desired 
contents data to be distributed; said data use control device comprising: control 
information extracting means for extracting, from said distributed distribution 
data, information of the number of permitted times of use of said use control 
information; use permitting means for detecting whether or not use of said content 
data is permitted, based on said extracted information of the number of permitted 
times of use; use control means for controlling use so as to use said contents data 
in the event that use thereof is permitted as the result of said detection; control 
information updating means for updating said use control information so as' to 
decrease said number of permitted times of use, based on said usage, in the event 
that said contents data is used; and a signal processing device regarding which 
external observation and alteration of the signal processing state is impossible: 
wherein said use permitting means detects whether or not playing of said contents 
data is permitted, based on said extracted information of the number of permitted 
times of use; wherein said use control means controls said use so as to play said 
contents data in the event that playing thereof is permitted as the result of said 
detection; and wherein said control information updating means updates said use 
control information based on said playing; and further comprising distribution data 
generating means, for adding use control information containing said information of 
the number of permitted times of use that has been newly set to a predetermined 
value to said contents data, thereby generating new distribution data; wherein said 
use permitting means detects whether or not recording of said contents data is 
permitted, based on said extracted information of the number of permitted times of 
use; wherein said use control means controls said distribution data generating 
means so as to record said contents data in the event that recording thereof is 
permitted as the result of said detection; wherein said distribution data 
generating means generates said new distribution data using said contents data 
which is the object of recording; and wherein said control information updating 
means updates said use control information based on said new generation of 
distribution data and said recording. 

27. A data use control device according to claim 26, wherein said distribution data 
contains information of the number of permitted times of use by recording of said 
distribution data; and wherein said use permitting means detects whether or not 
recording of said contents data is permitted, based on said information of the 
number of permitted times of use by recording of said distribution data at the 
recording originating side; and wherein said distribution data generating means 
sets the number of permitted times of use by recording of the generated 
distribution data, based on information of the number of permitted times of use by 
said recording of said distribution data at said recording originating side; and 
wherein said control information updating means updates said use control 
information based on the recording of said distribution data, and the number of 
permitted times of use by recording set to said recorded distribution data. 

28. A data use control device according to claim 26, wherein said distribution data 
separately comprises information of number of permitted times of using said 
distribution data as original data for recording, and information of number of 
permitted times of using by recording for setting said distribution data as 
distribution data for recording as original data; and wherein said use permitting 
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means detects whether or not recording of said contents data is permitted, based on 
information of the number of permitted times of use by recording of said 
distribution data as original data; and wherein said distribution data generating 
means sets the number of permitted times of use by recording of the generated 
distribution data, based on information of number of permitted times of using by 
recording for setting said distribution data as distribution data for recording as 
original data; and wherein said control information updating means updates said use 
control information based on the recording of said distribution data, and the 
number of permitted times of use by said recording set to said recorded 
distribution data. 

33. A data use control device according to claim 26, wherein, in the event of using 
said contents data by recording; said distribution data generating means generates 
said distribution data containing said use control information containing 
information wherein the number of permitted times of use of contents data is set to 
a predetermined value smaller than the number of permitted times of use by 
recording of the original distribution data; and said control information u pdatin g 
means updates the information of the number of permitted times of use by recording 
for the original distribution data, based on recording of said new distribution 
data and the number of permitted times of use by recording set to said new 
distribution data. 

34. A data use control device according to claim 32, wherein, in the event of newly 
increasing the number of permitted times of use of said distribution data which has 
already been distributed, said communication control means transmits information to 
said administration device for requesting a desired number of times ; of use of said 
contents data, and receives a response to said request from said administration 
device; and wherein in the event that said received response is such that permits 
said request, said, control information updating means increases the number of 
permitted times of use of said distribution- data which has already been distributed 
by the maximum number of times allowed. 
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ABSTRACT : 



A reproducing apparatus for reproducing data from a record medium having a program 
area and a management area, the program area being used for recording a plurality 
of files, the management area being used for managing forging prohibition 
information against a particular file recorded in the program area is disclosed, 
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the apparatus comprising a calculating means for calculating the forging 
prohibition information managed in the management area of the record medium 
whenever a file recorded in the recorde medium is reproduced, a comparing means for 
comparing a value calculated by the calculating means corresponding to a former 
reproduction command with a value calculated by the calculating means corresponding 
to a current reproduction command, and a controlling means for permitting the file 
corresponding to the current reproduction command to be reproduced when the value 
calculated corresponding to the former reproduction command is the same as the 
value calculated corresponding to the current reproduction command as the result of 
the comparing means . 
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A method for protecting digital content from copying and/or other misuse as it is 
transferred between one or more computationally constrained devices over insecure 
links, includes preliminarily authenticating that both a content source and a 
content sink are compliant devices, and transferring content between compliant 
devices. In a further aspect of the invention, in the background, concurrently with 
the transfer of content, at least a second cryptographic process is performed. 

In an embodiment, establishing a preliminary control channel includes exchanging 
random challenges between devices, encrypting, under a shared secret key, and 
hashing the exchanged random challenges, exchanging the results of the encryption 
and hash functions and then verifying that the appropriate results have been 
generated. 

CROSS REFERENCE TO RELATED APPLICATIONS 
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ABSTRACT: 

A contents provider stores contents data in a container in a format which can only 
be decoded with a key distributed from an EMD service center, and transmits the 
container to a service provider. The service provider adds pricing information and 
the like and distributes this to a user home network. The user home network pays 
charges to the EMD service center based on the pricing information, receives the 
key, and decodes the contents data. Information regarding the number of times which 
copying is permitted is contained in the secure container, and the number of times 
permitted is increased each time charges are paid, thereby enabling copying to 
other media and the like. It is impossible to make copies from a container simply 
copied, or in cases where in the number of permitted times of copies has been used 
up. Thus, contents data can be distributed in a format wherein copying of contents 
data can be controlled including the number of copies made. 

36 Claims, 34 Drawing figures 
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A cable television system provides conditional access to services. The cable 
television system includes a headend from which service "instances", or programs, 
are broadcast and a plurality of set top units for receiving the instances and 
selectively decrypting the instances for display to system subscribers. The service 
instances are encrypted using public and/or private keys provided by service 
providers or central authorization agents. Keys used by the set tops for selective 
decryption may also be public or private in nature, and such keys may be reassigned 
at different times to provide a cable television system in which piracy concerns 
are minimized. 

36 Claims, 30 Drawing figures 
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ABSTRACT : 

A system for dealing in an original data content and an edited data content. A data 
content is handled as an object, and the data content is edited by editing a data 
content, functioning as an object, in accordance with an edit program. The edited 
data content is expressed by the original data content and the editing scenario 
which describes editing detail by the edit program. Only the encrypted editing 
scenario is dealt in. Upon receipt of the encrypted editing scenario, a user 
decrypts the encrypted editing scenario using a crypt key obtained from a key 
management center, and obtains the original data content from the database in 
accordance with the editing scenario and re-constitutes the edited data content . In 
case there is the one who wishes sale of the editing scenario, its utilization 
right is sold by auction. 

4 Claims, 7 Drawing figures 
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ABSTRACT : 

Method for providing user authentication and a memory for storing a computer 
program for providing user authentication are described. The method includes the 
steps of providing a first argument including a one-way cryptographic 
transformation of a password and a second argument including a one-way 
cryptographic transformation of a cryptographic combination of the password and a 
first nonce, computing a first term using the first argument and computing a second 
term using the first nonce, and comparing the second term with the second argument. 
The memory storing a computer program, the computer program including, means for 
providing a first argument including a one-way cryptographic transformation of a 
password and a second argument including a one-way cryptographic transformation of 
a cryptographic combination of the password and a first nonce, means for computing 
a first term using the first argument and computing a second term using the first 
nonce, and means for comparing the second term with the second argument. 
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ABSTRACT : 

Method for providing user authentication and a memory for storing a computer 
program for providing user authentication are described. The method includes the 
steps of providing a first argument including a one-way cryptographic 
transformation of a password and a second argument including a one-way 
cryptographic transformation of a cryptographic combination of the password and a 
first nonce, computing a first term using the first argument and computing a second 
term using the first nonce, and comparing the second term with the second argument. 
The memory storing a computer program, the computer program including, means for 
providing a first argument including a one-way cryptographic transformation of a 
password and a second argument including a one-way cryptographic transformation of 
a cryptographic combination of the password and a first nonce, means for computing 
a first term using the first argument and computing a second term using the first 
nonce, and means for comparing the second term with the second argument. 
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ABSTRACT: 



A reproducing apparatus for reproducing data from a record medium having a program 
area and a management area, the program area being used for recording a plurality 
of files, the management area being used for managing forging prohibition 
information against a particular file recorded in the program area is disclosed, 
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the apparatus comprising a calculating means for calculating the forging 
prohibition information managed in the management area of the record medium 
whenever a file recorded in" the recorde medium is reproduced, a comparing means for 
comparing a value calculated by the calculating means corresponding to a former 
reproduction command with a value calculated by the calculating means corresponding 
to a current reproduction command, and a controlling means for permitting the file 
corresponding to the current reproduction command to be reproduced when the value 
calculated corresponding to the former reproduction command is the same as the 
value calculated corresponding to the current reproduction command as the result of 
the comparing means . 
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Detail Description Paragraph : 

[0061] The encoder/decoder block 12 of the audio encoder/decoder IC 10 supplies 
encoded data to a DES encrypting circuit 22 through an interface 21 of the security 
IC 20. The DES encrypting circuit 22 has a FIFO 23. The DES encrypting circuit 22 
is disposed so as to protect the copyright of contents . The memory card 40 also has 
a DES encrypting circuit. The DES encrypting circuit 22 of the 

recording/reproducing apparatus has a plurality of master keys and an apparatus- 
unique storage key. The DES encrypting circuit 22 also has a random number 
generating circuit. The DES encrypting circuit 22 can share an authenticating 
process and a session key with the memory card 40 that has the DES encrypting 
circuit. In addition, the DES encrypting circuit 22 can re-encrypt data with the 
storage key of the DES encrypting circuit. 

Detail Description Paragraph : 

[0077] The security block 52 of the memory card 40 has a plurality of 
authentication keys and a unique storage key for each memory card. The nonvolatile 
memory 55 stores a key necessary for encrypting data. The key stored in the 
nonvolatile memory 55 cannot be analyzed. According to the embodiment, for example, 
a storage key is stored in the nonvolatile memory 55. The security block 52 also 
has a random number generating circuit. The security block 52 authenticates an 
applicable recorder/player and shares a session key therewith. In addition, the 
security block 52 re -encrypts contents with the storage key through the DSE 
encrypting circuit 54 . 

Detail Description Paragraph : 

[0079] When contents are written to the memory card 40, the recorder/player 
encrypts a contents key with a session key and supplies the encrypted data to the 
memory card 40. The memory card 40 decrypts the contents key with the session key, 
re -encrypts the contents key with a storage key, and supplies the contents key to 
the recorder/player. The storage key is a unique key for each memory card 40. When 
the recorder/player receives the encrypted contents key, the recorder/player 
performs a formatting process for the encrypted contents key, and writes the 
encrypted contents key and the encrypted contents to the memory card 40. 

Detail Description Paragraph : 

[0081] When data is read from the memory card 40, the contents key encrypted with 
the storage key and the contents encrypted with the block key are read from the 
flash memory 42. The security block 52 decrypts the contents- key with the storage 
key. The security block 52 re -encrypts the decrypted content key with the session 
key and transmits the re -encrypted contents key to the recorder/player. The 
recorder/player decrypts the contents key with the received session key and 
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generates a block key with the decrypted contents key. The recorder/player 
successively decrypts the encrypted ATRAC3 data. 

Detail Description Paragraph : 

[0085] One page is composed of a data portion of 512 bytes and a redundant portion 
of 16 bytes. The first three bytes of the redundant portion is an overwrite portion 
that is rewritten whenever data is updated . The first three bytes successively 
contain a block status area, a page status area, and an update status area. The 
remaining 13 bytes of the redundant portion are fixed data that depends on the- 
contents of the data portion. The 13 bytes contain a management flag area (1 byte) , 
a logical address area (2 bytes), a format reserve area (5 bytes), a dispersion 
information ECC area (2 bytes), and a data ECC area (3 bytes). The dispersion 
information ECC area contains redundant data for an error correction process 
against the management flag area, the logical address area, and the format reserve 
area. The data ECC area contains redundant data for an error correction process 
against 512-byte data. 

Detail Description Paragraph : 

[0104] In other words, a record command issued by the remote controller of the user 
or the like is supplied to the DSP 30 from the external controller through the bus 
and the .bus interface 32. The encoder/decoder IC 10 compresses the received audio 
data and supplies the resultant ATRAC 3 data to the security IC 20. The security IC 
20 encrypts the ATRAC 3 data. The encrypted ATRAC 3 data is recorded to the flash 
memory 42 of the memory card 40. Thereafter, the FAT and the management file are 
updated . Whenever a file is updated (in reality, whenever the recording process of 
audio data is completed) , the FAT and the management file stored in the SRAMs 31 
and 36 are rewritten. When the memory card 40 is detached or the power of the 
recorder/player is turned off, the FAT and the management file that are finally 
supplied from the SRAMs 31 and .36 are recorded to the flash memory 42. 
Alternatively, whenever the recording process of audio data is completed, the FAT 
and the management file written in the flash memory 42 may be rewritten. When audio 
data is edited, the contents of the management file are updated . 

Detail Description Paragraph : 

[0501] FIG. 30 shows the data arrangement (for one block) of the ATRAC 3 data file 
A3Dnnnn in the case that 1 SU is composed of N bytes. In this file, one slot is 
composed of eight bytes. FIG. 30 shows the values of the top portion (0x0000 to 
0x3FF8) of each slot. The first four slots of the file are used for a header. As 
with the data block preceded by the attribute header of the data file (see FIG. 17) 
of the first example, a header is placed. The header contains an area BLKID-A3D (4 
bytes), a maker code area MCode (2 bytes), an area BLOCK SEED (8 bytes) necessary 
for encrypting process, an area CONNUM0 (4 bytes) for the initial contents 
cumulation number, a serial number area BLOCK SERIAL (4 bytes) for each track, and 
an area INITIALIZATION VECTOR (8 bytes) necessary for encrypting/decrypting 
process. The second last slot of the block redundantly contains an area BLOCK SEED. 
The last slot contains areas BLKID-A3D and MCode. As with the first embodiment, the 
header is followed by the sound unit data SU-nnnn. 

Detail Description Paragraph : 

[0531] A forge-check code is generated by calculating CONTENTS KEY (CK) of an 
ATRAC 3 data file generated along with the reproduction management file PBLIST.MSF 
using the hash function. In addition, since the file may be erased or moved, the • 
value of CONTENTS KEY (CK) is stored in another file. When clock information S- 
YMDhms has not been entered, all hash values are set to zero with no calculations. 
Whenever the clock information S-YMDhms is updated, the hash values are calculated. 

Detail Description Paragraph : 

[0538] The match detecting circuit 74 compares the current hash values with the 
former hash values . Depending on whether the current hash values are the same as 
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the former hash values, it is determined whether the reproduction limitation value 
block 70 has been forged. Output data of the match detecting circuit 74 is supplied 
to the controlling portion 75. 

Detail Description Paragraph : 

[0542] The calculating process of this example is performed in the same manner as 
that for an ATRAC3 data file. The circuit of this calculating process can be shared 
with that for the ATRAC3 data file. Since the file may be erased or moved, the • 
value of CONTENTS KEY (CK) is stored in another file. When clock information S- 
YMDhms has not been entered, all hash values are set to zero with no calculations. 
Whenever the clock information S-YMDhms is updated, the hash values are calculated. 



Detail Description Paragraph : 

[054 6] At step SP103, with CONTENTS KEY (CK) .contained in the attribute header, the 
hash calculating circuit 71 calculates the clock information S-YMDhms of the 
reproduction management file PBLIST.MSF using the hash function and stores the 
calculated value to the memory area 73 of the encrypting circuit 22. 

Detail Description Paragraph : 

[0555] The match detecting circuit 74 compares the currently calcu ]^t££l hash values • 
with the formerly calculated hash values . When they match, it is determined that 
any information of track attribute A, reproduction limitation flag, security 
version LT, MG (D) serial number MG (D) Serial, contents cumulation number CONNUM, 
reproduction start date/time YMDhms-S, reproduction expiration date/time YMDhms-E, 
number of track reproduction times CT, number of reproduction permission times MT, 
COPY CONTROL CC, and number of high speed digital copy permission times CN 
(optional) of the attribute file has not been forged. Thereafter, the flow advances 
to step SP114. At step SP114, the reproducing operation of the ATRAC 3 data file is 
permitted. 

Detail Description Paragraph : 

[0561] After the memory card 40 is detached and then attached again, when the 
reproduction command is issued at step S3, the flow advances to step S202. At step 
S4, the hash calculating circuit 71 calculates hash values of the reproduction 
limitation value block 70. The hash values calculated by the hash calculating 
circuit 71 are stored as current hash values to the memory area 72 of the 
encrypting circuit 22. The current hash values and the former hash values are read 
and supplied to the match detecting circuit 74. The match detecting circuit 74 
compares the current hash values with the former hash values . Depending on whether 
they match, the match detecting circuit 74 determines whether or not the 
reproduction limitation value block 70 has been forged. The match detecting circuit 
74 supplies the detected result to the controlling portion 75. 

Detail Description Paragraph : 

[0563] After the memory card 40 is detached and then attached again, when the 
reproduction command is issued at step S7, the flow advances to step S203. At step 
S203, the same process as step S202 is performed. In other words, hash values of 
the reproduction limitation value block 70 are calculated and compared with the 
former hash values . Thus, it is determined whether or not the reproduction 
limitation value block 70 has been forged (at step S8). When the reproduction 
limitation value block 70 has not been forged, the reproducing operation is 
performed (at step S9) . Thereafter, the number of reproduction times CT is 
decremented by 1 and thereby (CT=0) is set (at step S10) . 

Detail Description Paragraph : 

[0564] After the number of reproduction times CT is set to zero (CT=0), regardless 
of whether the reproduction limitation value block 70 has been forged, the number 
of reproduction times CT is considered with priority. Thus, the reproducing 
operation is prohibited. For example, after the memory card 40 is detached and then 
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attached again, when the reproduction command is issued at step Sll, the flow 
advances to step S12. At step S12, hash values of the reproduction limitation value 
block 70 are calculated and then the current hash values are compared with the 
former hash values . Since the current hash values match the former hash values, 
normally, the reproducing operation is permitted. However,' since the number of 
reproduction times CT is zero (CT=0), the reproducing operation is prohibited. 
Thus, in this case, the controlling portion 75 forms control information that 
prohibits the reproducing operation (at step S13) . In addition, with a speaker 
and/or a display, the user is informed that because the number of reproduction 
times CT matches the number of reproduction permission times MT, the reproducing 
operation is prohibited. 

Detail Description Paragraph : 

[0571] After the memory card 40 is detached and then attached, when the 
reproduction command is issued, hash values of the reproduction limitation value 
block 70 are calculated. The match detecting circuit 74 compares the hash values 
currently calculated with the hash values formerly calculated. Depending on whether 
they match, the match detecting circuit 74 determines whether the reproduction 
limitation value block 70 has been forged. In addition, the match detecting circuit 
74 compares the date/time of the inner clock 7 6 with the reproduction expiration 
date/time. When the reproduction limitation value block 70 has not been forged and 
the date/time of the inner clock 7 6 is before the reproduction expiration date/time 
as the determined results of the match detecting circuit 74, the reproducing 
operation is performed. 

Detail Description Paragraph : 

[0573] In other words, before a data file is reproduced, the current hash values 
and the former hash values are compared . When they do not match, since it is 
determined that the reproduction limitation value block 70 has been forged, the 
reproducing operation is prohibited. However, even if the current hash values match 
the former hash values, unless the reproduction expiration date/time is proper, the 
reproducing operation is prohibited. When the reproducing operation is prohibited, 
with the speaker or display, the user is informed of a relevant message. Even if 
the date/time of the inner clock 76 exceeds the reproduction expiration date/time, 
hash values of the reproduction limitation value block 70 are calculated and stored 
against future forged information. 

Detail Description Paragraph : 

[0576] For example, after the memory card 40 is detached and then attached, when 
the reproduction command is issued, the current hash values and the former hash 
values are compared . Corresponding to whether or not they match, it is determined 
whether or not the reproduction limitation value block 70 has been forged. In 
addition, the date/time of the inner clock 76 and the reproduction start date/time 
are compared. When the reproduction limitation value block 70 has not been forged 
and the date/time of the inner clock 76 exceeds the reproduction state date/time as 
the determined results, the reproducing operation is permitted. 
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NOTICE MAILED-APPLICATION INCOMPLETE-FILI 


02/17/2001 




CAD 


CORRESPONDENCE ADDRESS CHANGE 


12/15/2000 




SCAN 


IFW SCAN & PACR AUTO SECURITY REVIEW 


11/13/2000 
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IEXX 


INITIAL EXAM TEAM NN 
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L14: Entry 4 of 6 File: USPT Jun 12, 2 001 



DOCUMENT- IDENTIFIER: US 6246767 Bl 

** See image for Certificate of Correction ** 

TITLE: Source authentication of download information in a conditional access system 

Application Filing Date (1) : 
20000120 

Detailed Description Text (19) : 

In FIG. 2A, clear services such as the elementary digital bit streams which 1 
comprise MPEG-2 programs are sent through a l.sup.st level encryption called the 
Program Encrypt function 201, which is preferably a symmetric cipher such as the 
well-known DES algorithm. Each elementary stream may be individually encrypted and 
the resulting encrypted streams are sent to MUX 200 to be combined with other 
elementary streams and private data, such, as conditional access data. The key used 
in the Program Encrypt function 201 is called the Control Word (CW) 202. The CW 202 
is generated by control word Generator 203 which can be either a physically random 
number generator or can use a sequential counter with a suitable randomization 
"algorithm to produce a stream of random CWs . A new CW is generated frequently, 
perhaps once every few seconds and is applied to each elementary stream on the same 
time scale. Each new CW is encrypted by Control Word Encrypt & Message Authenticate 
function 204 using a Multi -Session key (MSK) 208 provided by Multi -Session Key 
generator 205. The CW is then combined into an ECM 107 with other service-related 
information. The ECM 107 is authenticated by Control Word Encrypt & Message 
Authenticate function 2 04 which produces a message authentication code using a 
keyed-hash value derived from the message content combined with a secret which can 
be shared with the receiving set-top box 113. This secret is preferably part or all 
of the MSK 208. The message authentication code is appended to the rest of the ECM 
107. The CW 202 is always encrypted before being sent along with the other parts of 
the ECM to MUX 200. This encryption is preferably a symmetric cipher such as the 
Triple-DES algorithm using two distinct 56 -bit keys (which taken together comprise 
MSK 208) . 

Detailed Description Text (30) : 

Once the sealed digest is made, the contents of the EMM (here, MSK 309 and the 
related information) are encrypted with the public key DHCT Ku 312 of the DHCT 333 
to which EMM 315 is addressed and EMM 315, containing the encrypted contents and 
the sealed digest, is sent via transmission medium 331 to the DHCT 333. In the 
following, the notation Kr is used to indicate a private key and Ku is used to 
indicate a public key. The notation RSA indicates that the encryption is done using 
the well-known RSA public key encryption algorithm. 

Detailed Description Text (33) : 

ECM 323 is sent together with encrypted content 329 to DHCT 333. The first ECM 323 
for a given portion of encrypted content 329 must of course arrive at DHCT 333 
before the encrypted content does. In the preferred embodiment, content 325 and ECM 
323 are encoded according to the MPEG-2 standard. The standard provides for a 
transport stream which includes a number of component streams. Some of these carry 
content 329, another carries the ECMs 323, and a third carries the EMMs 315. Only 
the streams carrying content 329 are encrypted according to DES 329; since the 
control words in ECMs 32 3 and the contents of EMMs 315 have already been encrypted, 
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no further encryption is needed when they are sent in the MPEG-2 transport stream. 
The manner in which EMMs and ECMs are transported in the MPEG-2 transport stream 
will be described in more detail later. 

Detailed Description Text (34) : 

When an ECM 323 is received in DHCT 333, control word 319 is either decrypted or 
found by encrypting the counter value at 343 using the MSK. The integrity of the 
contents of the ECM 323 is checked by comparing the value resulting from hashing 
the contents plus some or all of the MSK (based on cryptographic principles) in the 
one-way hash function with the message digest contained in ECM 323. Included in the 
contents are control word 319 and information identifying the service instance 325 
which ECM 323 accompanies. The identifying information is used together with the 
authorization information received with EMM 315 to determine whether DHCT 333 is 
authorized to receive the service instance 325. If it is, control word 319 is used 
in service decryptor 347 to decrypt encrypted content to produce original content 
325 . 

Detailed Description Text (35) : 

System 3 01 offers a number of advantages with regard to security. It takes 
advantage of the speed of symmetrical encryption systems where that is needed to 
decrypt encrypted content 329 and the control word in ECM 323. The control word is 
protected by encrypting it using the MSK, and ECM 323 is authenticated by using 
some or all of MSK 309 as a shared secret between the entitlement agent and DHCT 
333. MSK 309 is protected in turn by the fact that it is sent in an EMM which is 
encrypted using the DHCT's public key and by the fact that the EMM includes a 
sealed digest which is encrypted using the entitlement agent's private key. Further 
security is provided by the fact that service identification information from ECM 
323 must agree with the authorization information received in EMM 315 before 
control word 319 is provided to service decryptor 347. For example, as described. in 
detail in the Banker and Akins parent patent application supra, one use of the 
information in ECM 323 and EMM 315 is to prevent what are termed "replay attacks" . 
on the encrypted services. In addition to being secure, system 301 is flexible. The 
authorization information contained in EMM 315 and the service identification 
information contained in ECM 323 together permit a wide range of access to service 
instances received in DHCT 333. 

Detailed Description Text (59) : 

At the entitlement agent, key 420 is decrypted using the entitlement agent's 
private key 310, and the sealed digest is decrypted using the public key 312 of the 
DHCT. If the Encrypted Forwarded Entitlement Information (EFEI) 419 contained in 
the FPM 421 is determined not to have been tampered with, it is passed to 3DES 
decryption 443, which decrypts it using key 420 and provides forwarded entitlement 
information 417 to the entitlement agent. As will be immediately apparent, the same 
technique, with or without the 3DES encryption of the contents of the message, can 
be used to send messages to any entity for which DHCT 333 has the public key. At a 
minimum, this includes the CAA and any entitlement agent which has been allocated 
memory in DHCT 3 33. 

Detailed Description Text (70) : 
encrypting the service content 

Detailed Description Text (90) : 

Service Encryption and ECM Streamer (SEES) module 620 is a component of QAM 
Modulator 619 that operates under direction of control suite 607 to encrypt the 
MPEG-2 transport stream packets that are employed in the preferred embodiment to 
transmit service content 325. As shown in FIG. 6, service content 325 may be 
received from sources such as a digital satellite distribution system 613, a 
digital terrestrial distribution system 611, or a media server 609. Media server 
609 may be connected to head end 515 by a broadband integrated gateway 615. SEES 
620 uses MSK 309 to generate the control words 319 used for service encryption and 
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creates ECMs 323 for transporting the control words together with encrypted service 
content 329 within the outgoing MPED-2 Transport Stream. SEES 620 encrypts the 
control words in the ECMs 323 with MSKs 3 09. The MSKs are generated by TED 603 and 
are sent to SEES 620 in encrypted form in EMM-like messages. 

Detailed Description Text (124) : 

an identifier for the type of security algorithm used with the message, including 
encryption of the message and authentication of its contents ; and 

Detailed Description Text (213) : 

Of the non-event broadcast EMMs, four types will be discussed here. These are 
Update MSK, Update Bit Map, Update List, and update combinations with MSK and list 
or bitmap. Those skilled in the art will be able to easily apply the principles 
explained below to EMMs that perform the functions indicated by the names of the 
other non-event broadcast EMMs . For example, the principles of digital EMMs can be 
applied to analog EMMs. There is a separate type of NVSC 1405 for each information 
type provided by the above non-event broadcast EMMs. FIG. 16 shows the contents of 
four of these types of NVSCs . Each NVSC type will be discussed together with the 
EMM that provides the information it contains. 

Detailed Description Text (245) : 

DHCT 33 3 sends a forwarded purchase message with the purchase information via the 
reverse channel to the entitlement agent that sent the GBAM . The FPM is contained 
in a reverse channel data packet that is addressed to the EA. FIG. 21 provides an 
overview of the FPM and of the cryptographic measures used to protect its contents. 
FPM 2101 is a CA message 805 and consequently is sent with a CA message header 
1003. FPM 2101 itself is made up of FPM encrypted envelope key 2103', which contains 
the EAID for the entitlement agent and FPM key 2119 for decrypting the purchasing 
information contained in FPM encrypted events 2113 . The key and other contents .of 
envelope key 2103 are encrypted for privacy using the public key of the entitlement 
agent for which FPM 2101 is intended. CA FPM message 2105 includes CA FPM header 
211, which includes the EAID for the intended EA, and FPM encrypted events 2113. 
The latter are encrypted using the 3-DES algorithm with the key in envelope key 
2103. CA FPM message 2105's parts are a header 213, FPM clear events 2133, which 
contains the purchase information, and padding 2135. The last part of FPM 2101 is 
FPM signed authentication 2107, which is encrypted with the private key of DHCT 33 3 
from which FPM message 2101 is sent. The encrypted material includes FPM signing 
header 2125, FPM MAC 2127, and padding 2129. FPM MAC 2127 is made using the MD 5 
one-way hash algorithm from FPM clear events 2133. Only the EA for which the FPM is 
intended can decrypt envelope key 2103 to obtain key 2119 to decrypt FPM encrypted 
events 2123, and the EA can check the authenticity of FPM clear events 2133 only if 
it has the public key for DHCT 333 from which FPM 2101 was sent. 

Detailed Description Text (333) : 

(4) uses the decrypted encrypted events with MD5 code 2529 to produce a new hash 
which it compares with the decrypted value of FPM authentication 2107. If this 
comparison indicates that the FPM is authentic, TED 2425 (i) returns the- decrypted 
events to DNCS 507, which in turn forwards them to EA 2409 (i) . 

Detailed Description Text (334) : 

The MSKs in MSK 2515 are generated by TED 2425 (i). The interface for MSK generation 
simply requires the MSKID for the new MSK, the parity for the new MSK, and any 
expiration time. MSK generation code 2525 receives a random number from random 
number generator 2537 and uses it to generate the new MSK. Then the MSKE 2515 for 
the new MSK is made and added to EA information 2507. If there is already an MSKE 
2525 for the MSKID for the new MSK, the new MSKE replaces the existing MSKE. TED 
2425 (i) also generates interactive session keys for the add interactive session 
EMM. Key generation is as described for the MSK EMM. Once TED 2425 (i) has provided 
the EMM content with the encrypted key to DNCS 507, it overwrites the area in 
memory 2505 where the interactive session key was stored. 
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Detailed Description Text (343) : 

Code message 2301 can be sent either in a MPEG-2 transport stream or as an IP 
packet. Message 2301 may be broadcast to any DHCT 333 that has the authenticating 
CAA or EA, or it may be sent to a specific DHCT 333. In that case, the packet (s) 
carrying code message 2301 will include an address for DHCT 333. In the preferred 
embodiment, the address is DHCT 333' s serial number. When code message 2301 arrives 
in the DHCT 333 for which it is intended, code executing on the processor performs 
the one-way hash function on code 23 05 and provides the result together with AID 
2307 and sealed digest 2309 to • DHCTSE 627. DHCTSE 627 uses AID 2307 to locate the 
public key for the CAA or EA and then uses the public key to decrypt sealed digest 
2309. Finally, it compares the hash value in decrypted sealed digest 2309 with that 
provided by the code executing on the processor, and, if they are equal, DHCTSE 62 7 
signals that the code has been authenticated. 

Current US Cross Reference Classification (4) : 
380/30 
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Jun 13, 2000 



DOCUMENT- IDENTIFIER: US 6076077 A 

** See image for Certificate of Correction ** 

TITLE: Data management system 

Abstract Text (1) : 

A system for dealing in an original data content and an edited data content. A data 
content is handled as an object, and the data content is edited by editing a data 
content, functioning as an object, in accordance with an edit program. The edited 
data content is expressed by the original data content and the editing scenario 
which describes editing detail by the edit program. Only the encrypted editing 
scenario is dealt in. Upon receipt of the encrypted editing scenario, a user 
decrypts the encrypted editing scenario using a crypt key obtained from a key 
management center, and obtains the original data content from the database in 
accordance with the editing scenario and re-constitutes the edited data content . In 
case there is the one who wishes sale of the editing scenario, its utilization 
right is sold by auction. 

Application Filing Date (1) : 
19970501 

Brief Summary Text (11) : 

The database copyright management system of the above application in order to. 
manage the copyright, either one or more of a program for managing the copyright, 
copyright information, and a copyright control message are used in addition to a 
use permit key corresponding to a requested use, and data content which has been 
transferred with encryption is decrypted to be used for viewing and editing, and 
the data content is encrypted again when used for storing, copying and 
transferring . 

Brief Summary Text (14) : 

The above-mentioned system comprises a key management center that manages a crypt 
key and a copyright management center that manages the database copyright . 
According to this system, all of the data content delivered from a database is 
encrypted by a first crypt key, and a first user who wishes to uses data content 
directly from the database requests the key management center the key corresponding 
to the specific usage by presenting information on the first user to the center. In 
response to the primary usage request from the first user, the key management 
center transfers the information on the first user to the copyright management 
center. On receiving the information, the copyright management center transfers 
this information together with a copyright management program to the key control 
center. On receiving the copyright management program, the key control center 
transfers the first crypt key and a second t crypt key K2 corresponding to the 
specific usage together with the copyright management program to the first user via 
a communication network. On receiving the first crypt key, the first user uses this 
key to decrypt the data content for usage . The user uses the second crypt key to 
encrypt and decrypt data content when subsequently storing, copying or transmitting 
the data content . 

Brief Summary Text (40) : 

Here, the operation to encrypt data content, a plain text material M to a 
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cryptogram Cmks using a secret-key Ks is expressed as: 
Brief Summary Text (42) : 

Also, the operation to encrypt the plain text data content M to a cryptogram Cmkb 
using a public key Kb is expressed as: 

Brief Summary Text (44) : 

The operation to encrypt the plain text data content M to a cryptogram Cmkv using a 
private-key Kv is expressed as: 

Brief Summary Text (46) : 

The encryption technique is the means to exclude illegitimate use of data content, 
but perfect operation is not guaranteed. Thus, the possibility of illegitimate use 
of data content cannot be completely excluded. 

Brief Summary Text (50) : 

In the present application, a data content is handled as an object, and the data 
content, functioning as an object, is edited in accordance with a edit program. 
Therefore, the edited data content can be expressed by the original data content 
and the editing scenario, which describes the edit detail based on an edit program. 
As the original data content to be utilized, there are, in addition to the one 
stored in the database, those prepared originally by the data editor. The data 
content prepared by the data editor can also be handled in the same manner as the 
other data by storing it in the database. In this case, only the encrypted editing 
scenario is dealt in, and when the user obtains the encrypted editing scenario, the 
user decrypts the encrypted editing scenario by using a crypt key obtained from a 
key management center, and obtains the original data content from the database in 
accordance with the editing scenario and reconstitutes the edited data content. 

Detailed Description Text (15) : 

The databases 1, 2, and 3, copyright management center 8, primary user terminal 4, 
secondary user terminal 5, tertiary user terminal 6, and n-th user terminal 7 are 
connected to communication line 9. In FIG. 1, encrypted data content is transmitted 
via the path shown by a broken line, requests are transmitted from user terminal 4, 
5, 6, or 7 to database 1, 2, or 3 and copyright management center 8 via the path 
shown by a solid line. The permit key, copyright management program, and crypt key 
corresponding to a specific usage are transmitted from database 1, 2, or 3 and 
copyright management center 8 to user terminal 4, 5, 6, or 7 via the path shown by 
an one-dot chain line. 

Detailed Description Text (16) : 

The Embodiment 1 employs a first public-key Kbl, a first private -key Kvl 
corresponding to the first public-key Kbl, a second public-key Kb2, and a second 
private-key Kv2 corresponding to the second public-key Kb2 that are prepared by a 
first user, and a first secret-key Ksl and a second secret-key Ks2 prepared by the 
database. The database uses the first secret-key Ksl to encrypt data content M: 

Detailed Description Text (19) : 

The database then transmits these encrypted data content Cmksl and the first and 
the second secret-keys Ckslkbl and Ck2kb2 to the first user. 

Detailed Description Text (21) : 

and decrypts the encrypted data content Cmksl by the decrypted first secret -key 
Ksl: 

Detailed Description Text (23) : 

which is subsequently used as a key for encrypting/decrypting of storing, copying, 
or transmitting data content . 

Detailed Description Text (27) : 
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Databases 1, 2, and 3 store text data content or binary, digital audio, or digital 
picture data content constituting computer graphics screens or programs in 
unencrypted form. This data content is encrypted and supplied to the user terminal 
4 via communication line 8 during a data content read operation in response to a 
request from first user terminal 4 . 

Detailed Description Text (31) : 

The original data content Ml, M2 and M3 are encrypted using each of the second 
secret -keys Ks21, Ks22, Ks2 3 supplied with each of data content Ml, M2 and M3 when 
used for operations other than display; i.e., store, edit, copy or transmit: 

Detailed Description Text (32) : 

The data content parts M4, M5 and M6, of original data content are also encrypted 
using each of the second secret -keys Ks21, Ks22, Ks23 supplied with each of the 
original data content when used for operations other than display: 

Detailed Description Text (34) : 

and supplies encrypted original data content parts Cm4ks21, Cm5ks22 and Cm6ks2 3 to 
second user together with the edit program Pe with the digital signature, via 
communication line 9 or by storing into the recording medium 10. 

Detailed Description Text (35) : 

Upon receipt of the encrypted original data content parts Cm4ks21, Cm5ks22 and 
Cm6ks23, and the edit program Pe, second user requests second secret -keys Ks21, 
Ks22, Ks23 for decryption of the encrypted original data content parts Cm4ks21, 
Cm5ks22 and Cm6ks2 3 by presenting the edit program Pe with the digital signature, 
no the copyright management center 8 . 

Detailed Description Text (42) : 

By incorporating the agent program into a basic system of a data copyright 
management system so that the database utilization of a user is monitored, and it 
is arranged that information including data, utilization condition and charging is 
collected at the database or the copyright management center, using metering 
function placed in user terminal, and thus, it is possible to know the database 
utilization condition of- the user at the database side or the copyright management 
center side and achieve more accurate copyright management. These agent program and 
its data are also necessary to be protected in copyrights, and therefore, are 
encrypted like original data content . 

Detailed Description Text (48) : 

The solid line, broken line and one-dot chain line in this FIG. 3 show the path for 
data content and requests for crypt keys, path of encrypted data content and path 
of crypt keys, respectively. 

Detailed Description Text (50) : 

In the data copyrights management system, the original data content provided by 
each of information providers 15 and 16 has been encrypted to protect the 
copyright. Therefore, the use of the encrypted original data content obtained by 
first user 13 needs to be decrypted. All of the crypt keys for the decryption are 
deposited in key control center 12 to be controlled by the center. 

Detailed Description Text (52) : 

In this system, plaintext original data content MO is encrypted by first secret-key 
Ksl: 

Detailed Description Text (54) : 

Original plaintext copyright label LcO is attached to encrypted original data 
content CmOksl provided for primary users 13, and is used for obtaining primary use 
permit keys, etc. Namely, encrypted original data content CmOksl includes plaintext 
original copyright label LcO and encrypted original data content CmOksl. The name 
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of application programs in use, outlined explanation, fees and charging method are 
entered into plaintext original copyright label LcO in addition to general 
information including the name of original creator, title name and creation date. 
The number of a crypt key is also entered if necessary. Digital signature by 
original creator added to plaintext original copyright label LcO prevents false 
copyright claiming. 

Detailed Description Text (55) : 

Primary users 13 who require use of encrypted original data content CmOksl make a 
request to key control center 12 via communication line 14 for distributing primary 
use permit keys Kl indicating original copyright label LcO. 

Detailed Description Text (58) : 

Primary users 13 decrypt encrypted primary copyrighted data content CmOksl using 
first secret-key Ksl: 

Detailed Description Text (60) : 

When decrypted original data content. MO is stored in primary users 13 devices, it 
is encrypted again by first secret-key Ksl 

Detailed Description Text (61) : 

and re -encrypted original data content CmOksl is stored. 
Detailed Description Text (62) : 

For repeated use of re -encrypted original data content CmOksl, repeated decryption 
and encryption are carried out using first secret-key Ksl. 

Detailed Description Text (64) : 

When halfway edited data content MO' is stored in users 13 devices, it is enc ry pted 
by second secret-key Ks2 .* 

Detailed Description Text (66) : 

When primary users 13 copy editorial data content Ml into external recording medium 
18 or transfer it via communication line 14, they encrypt editorial data content 
using third, secret-key Ks3 : 

Detailed Description Text (68) : 

Secondary users 19 who desire to use provided encrypted editorial data content 
Cmlks3 request key control center 12 for distributing third secret-key Ks3 via 
communication line 14. Key control center 12 that has received the request for 
distributing third secret -keys Ks3 from secondary users 19 distributes third 
secret-key Ks3 to secondary users 19 via communication line 14. 

Detailed Description Text (69) : 

Secondary users 19 who have received third secret -keys Ks3 decrypt encrypted 
editorial data content Cmlks3 using third secret-key Ks3 : 

Detailed Description Text (71) : 

When using encrypted data content Cmlks3 again, decryption and encryption are 
carried out using third secret -key Ks3 also in this case. 

Detailed Description Text (76) : 

It is also possible that the original author A stores the original secret-key KsO 
and encrypts the original data content MO without depending on the data management 
center, while the original secret-key KsO must be stored at the data management 
center to utilize the original data content MO by the user (data content user) . 

Detailed Description Text (81) : 

encrypts the original data content MO using the decrypted original secret-key KsO: 
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Detailed Description Text (82) : 

and transfers the encrypted original data content CmOksO, the original copyright 
label LcO and the original copyright label fingerprint • FO to the first user Ul . 

Detailed Description Text (83) : 

(4) When the encrypted original data content CmOksO, the original copyright label 
LcO and the original copyright label fingerprint FO are transferred, the first user 
Ul presents the original copyright label LcO, the original copyright label 
fingerprint FO and first user label Lul and requests the data management center to 
distribute the original secret-key KsO. 

Detailed Description Text (87) : 

decrypts the encrypted original data content CmOksO using the decrypted original 
secret-key KsO : 

Detailed Description Text (90) : 

The copyright of the original author relating to the original data content MO can 
be protected by the original copyright label LcO which has been registered, 
original copyright label fingerprint FO and the original secret -key KsO 
corresponding to the original copyright label LcO and also by the first user label 
Lul and the first secret -key Ksl corresponding to the first user label Lul. 
However, because no key for encrypting the edited data content Mel is available,, 
the secondary copyright of the first user relating to the edited data content Mel 
is not yet protected. 

Detailed Description Text ( 97 ) : 

encrypts the first edited data content Mel using the decrypted first edit secret- 
key Ksel: ' 

Detailed Description Text (98) : 

and transfers the encrypted first edited data content Cmelksel to the second user 
XS2 together with the first adit label Lei, and the electronic fingerprint Fel of 
the first edit label Lei. 

Detailed Description Text (100) : 

Each user may put digital signature which one-way hash value of the user's label is 
encrypted using user's private-key on the user's label to be presented to the data 
management center. Then, the data management center decrypts the encrypted one-way 
hash value using the user's public-key, calculates the one-way hash. value of the 
label and compares the two one-way hash values in order to verify validity of each 
user's label. 

Detailed Description Text (101) : 

In this embodiment, only the first edit label Lei and the electronic fingerprint 
Fel of the first edit label Lei are transferred together with the encrypted first 
edited data content Cmelksel when edited data content transfer, while it is 
possible to arrange in such manner that the other labels and electronic 
fingerprints can be simultaneously transferred. 

Detailed Description Text (103) : 

In the systems described above, the data content is encrypted using secret -key, and 
the secret-key for its decryption and secret -key for re -encrypt ion used for 
storage, copying and transfer are distributed by the data management center based 
on the user label presented by the user. 

Detailed Description Text (109) : 

To protect data content copyright, it is necessary to use some sort of encryption 
technique to restrict unauthorized utilization of the data content . 

Detailed Description Text (110) : 
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In the Embodiment 3 described above, to protect copyright in a system for an 
ordinary computer having data storage unit, encrypted data content and labels not 
encrypted as clues to utilize the data content are used. 

Detailed Description Text (111) : 

In contrast, in a system for a network computer, which has only the function of the 
above-mentioned terminal unit, the data content is not stored, copied or 
transferred, and there is no need to encrypt the data content . 

Detailed Description Text (116) : 

In the system of this embodiment, public-key and private-key are used. If original 
data content is transferred to a user, the original data content is encrypted by 
using a secret-key or a public -key of transferred destination for the purpose of 
security. 

Detailed Description Text (121) : 

(1) (2) The first user Ul presents the first user label Lul to the data management 
center, collects the original data content MOi (i=l, 2,3, . . . ) from data 
content library of the information provider IP in the system and obtains a edit 
tool Pe. In this case, the original data content MOi and the edit tool Pe are 
encrypted using public-key Kbl of the first user Ul : 

Detailed Description Text (122) : 

and the encrypted original data content CmOikbl and the encrypted edit tool Cpekbl 
are distributed to the first user Ul . 

D etailed Description Text (124) : 

(3) When the encrypted original data content CmOikbl and the encrypted edit tool 
Cpekbl are distributed, the first user Ul decrypts the distributed ' encrypted 
original data content CmOikbl and the encrypted edit tool Cpekbl using private -key 
Kvl of the first user Ul : > 

Detailed Description Text (126) : 

(4) Obtaining the first edited data content Mli, the first user Ul encrypts a first 
scenario Sli, which is the editing process data content for the first edited data 
c ontent Mli, using public-key Kbc of the data management center: 

Detailed Description Text (133) : 

and transfers the encrypted first edit label Clelkb2 to the second user U2 , but the 
first edited data content Mli or the encrypted first edited data content is not 
transferred to the second user U2 . 

Detailed Description Text (141) : 

When the first edited data content Mli is reproduced, the data management center 
encx'ypts the first edited data content Mli and the edit tool Pe using the public-' 
key Kb2 of the second user U2 : 

Detailed Description Text (142) : 

and transfers the encrypted first edited data content Cmlikb2 and the encrypted 
edit tool Cpekb2 to the second user U2 . 

Detailed Description Text (143) : 

(9) When the encrypted first edited data content Cmlikb2 and the encrypted edit 
tool Cpekb2 are distributed, the second user U2 decrypts the distributed encrypted 
first edited data content Cmlikb2 and the encrypted edit tool Cpekb2 using private- 
key Kv2 of the second user U2 : 

Detailed Description Text (145) : 

(10) When the second edited data content M2i is obtained, the second user U2 
encrypts the second scenario S2i, which is editing process data content of the 
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second edited data content M2i, using the public -key Kbc of the data management 
center: 

Detailed Description Text (149) : 

prepares a second edit label Le2 based on the presented user label of the second 
user and the decrypted second scenario S2i, stores it in the data content 
management center, encrypts the second edit label Le2 using public-key Kb2 of the 
second user U2 : 

Detailed Description Text (163) : 

The key management center stores a secret key for encryption/decryption for the 
original data content, the user data content and the editing scenario and supplies 
it in response to the request of the user. 

Detailed Description Text (167) : 

(1) The information provider IPi (i = l, 2,3,...; the same applies hereinafter) 
encrypts the original data content MOi using an original secret-key KOi: 

Detailed Description Text (168) : 

encrypts the corresponding original secret-key KsOi using a public key Kbc of the 
data content dealing center: 

Detailed Description Text (169) : 

and supplies the encrypted original data content CmOiksOi (shown as M mOi" in the 
figure) and the encrypted original secret-key CksOikbc (shown as "ksOi" in the ' 
figure) to the data content dealing center. 

Detailed Desc ription Text (172): 

and the decrypted original secret-key KsOi is used' for encryption of the original 
data content MOi. 

Detailed Description Tex t (173): 

The data content dealing center decrypts the supplied encrypted original secret-key 
CksOikbc using. a private-key Kvc of the data content dealing center: 

Detailed Description Text (174) : 

decrypts the e ncrypted original data content CmOiksOi using the decrypted original 
secret-key KsOi: 

D etailed Description Text (179) : 

(3) Upon receipt of the request for use of the original data content MOi, the data 
content dealing center confirms the user label Luli to check for fee charging and 
identification, and then, encrypts the original data content MOi using the 
corresponding original secret-key KsOi: 

Detailed Description Text (181): 

and distributes the encrypte original data content CmOiksOi and the encrypted 
original secret-key CksOikbli to the first user Uli, and also charges for the 
original data content utilization to the first user Uli. 

Detailed Description Text (182) : 

(4) When the encrypted original data content CmOiksOi and the encrypted original 
secret-key CksOikbli have been distributed, the first user Uli decrypts the 
encrypted original secret-key CksOikbli using a private-key Kvli of the first user 
Uli: 

Detailed Description Text (183) : 

decrypts the encrypted original data content CmOiksOi using the decrypted original 
secret-key KsOi: 
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Detailed Description Text (190) : 

For this purpose, the first user Uli prepares a first secret-key Ksli, encrypts the 
first editing scenario Sli and the first user data content Muli using the first 
secret-key Ksli: 

D etailed Description Text (191) : 

encrypts the first secret-key Ksli using a public-key Kbc of the data content 
dealing center: 

Detailed Description Text (192) : 

and transfers the encrypted first editing scenario Csliksli (shown as "sli" in the 
figure), the encrypted first user data content Cmuliksli (shown as "mli" in the 
figure), and the encrypted first secret-key Ckslikbc (shown as "ksli" in the 
figure) to the data content dealing center. 

Detailed Description Text (195) : 

and the decrypted first secret-key Kli is used to encrypt the first editing 
scenario Sli and the first user data content Muli. 

D etailed Description Text (196) : 

The data content dealing center decrypts the transferred encrypted first secret-key 
Ckslikbc using a private -key Kvc of the data content dealing center: 

Detailed Description Text (197) : 

decrypts the encrypted first editing scenario Csliksli and the encrypted first user 
- ata content Cmuliksli using the decrypted first secret-key Ksli: 

D etailed Des cription Text (203) : 

(7) Upon receipt of the request for use of the original data content MOi and/ or the 
first edited data content Mli, the data content dealing center confirms the user 
label Lu2i to check for fee charging and identification. Then, the original data 
con tent MOi requested for use, is encrypted using the corresponding original > 
secret-key KsOi. The first editing scenario Sli and the first user data content 
Muli are encrypted using the first secret-key Ksli, the original secret-key KsOi is 
e ncrypted using a public-key Kb2i, and the first secret-key Ksli is encrypted using 
the public-key Kb 2 i : 

Detailed Description Text (204) : 

Then, the encrypted original data content CmOiksOi (shown as "mOi" in the figure) , 
the encrypted first editing scenario Csliksli (shown as "sli" in the figure) , the. 
e ncrypted first user data content Cmuliksli (shown as "muli ,r in the figure) , the 
encrypted original secret-key Cks0ikb2i and the encrypted first secret-key 
Ckslikb2i are transferred to the second user U2i. And then, the data content 
dealing center charges for utilization of the original data content MOi and the 
first editing scenario Sli to the second user U2i. 

Detailed Description Text (205) : 

(8) When the encrypted original data content CmOiksOi, the encrypted first editing 
scenario Csliksli, the encrypted first user data content Cmuliksli, the encrypted 
original secret-key Cks01kb2i and the encrypted first secret-key Ckslikb2i have 
been transferred, the second user U2i decrypts the encrypted original secret -key 
Cks0ikb2i and the encrypted first secret-key Ckslikb2i using a private-key Kv2i of 
the second user U2i : 

Detailed Description Text (206) : 

Next, the encrypted original data content CmOiksOi is decrypted using the decrypted 
original secret-key KsOi, and the encrypted first editing scenario Csliksli and the 
encrypted first user data content Cmuliksli are decrypted using the decrypted first 
secret-key Ksli : 
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Detailed Description Text (209) : 

The second user U2i prepares a second secret-key Ks2i and encrypts a new second 
editing scenario S2i and a second user data content Mu2i, not stored in the 
database of the data content dealing center, using the second secret-key Ks2i: 

Detailed Description Text (210) : 

Then, the second secret-key Ks2i is encrypted using the public-key Kbc of the data 
content dealing center: 

Detailed Description Text (211) : 

and the encrypted second editing scenario Cs2iks2i (shown as "s2i" in the figure) ,. 
the encrypted second user data content Cmu2iks2i (shown as n mu2i" in the figure) , 
and the encrypted second secret-key Cks2ikbc (shown as n ks2i" in the figure) are 
transferred to the data content dealing center 

Detailed Description Text (219) : 

The key management center stores a secret -key for encrypt ion/ decrypt ion for the 
original data content, the editor's data content and the editing scenario and 
supplies it to the data content editor or the editing scenario seller. 

Detailed Description Text (223) : 

(1) The information provider IPi (i-1, 2„ 3, . . . ; the same applies hereinafter) 
encrypts the original data content MOi using an original secret-key KOi: 

D etailed Description Text (224) : 

■ encrypts the corresponding original secret-key KsOi using a public-key Kbc of the 
data content dealing center: 

Detailed Description Text (225) : ' " 

and supplies the encrypted original data content CmOiksOi (shown as "mOi" in the 

figure) and the encrypted original secret-key CksOikbc . (shown as "ksOi" in the 
figure) to the data content dealing center. - 

Detailed De s cription Text (228) : 

and the decrypted original secret-key. KsOi is used for encryption of the original 
data content MOi. 

Detailed Description Text (229) : . 

The data content dealing center decrypts the supplied encrypted original secret-key 
CksOikbc using a private-key Kvc of the data content dealing center: 

Detailed Description Text (230) : 

decrypts the encrypted original data c ontent CmOiksOi using the decrypted original 
secret-key KsOi: 

Detailed Description Text (235) : 

(3) Upon receipt of the request for utilization of the original data content MOi, 
the data content dealing center confirms the user label Lei to check for fee 
charging and identification. Then, the original data content MOi is encrypted using 
the corresponding original secret-key KsOi: 

Detailed Description Text (236) : 

encrypts the original secret-key KsOi using a public-key Kbei of the data content 
editor Ei : 

Detailed Description Text (237) : 

and distributes the encrypted original data content CmOiksOi and the encrypted 
original secret-key CksOikbei to the data content editor Ei, and further, charges a 
fee for the original data content utilization to the data content editor Ei and an 
end user. 
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Detailed Description Text (238) : 

(4) When the encrypted original data content CmOiksOi and the encrypted original 
secret-key CksOikbei have been distributed, the data content editor Ei decrypts the 
encrypted original secret-key CksOikbei using a private-key Kvei of the data 
content editor Ei : 



Detailed Description Text (239) : 

decrypts the encrypted original data content CmOiksOi using the decrypted original 
secret-key KsOi: 

Detailed Description Text (246) : 

To sell the utilization right of the editing scenario Sli and the editor's data 
content Medi, the data content editor Ei prepares a secret -key Ksei, encrypts the 
editing scenario Sei and the editor's data content Medi using the secret -key Ksei: 

D etailed Description Text (247) : 

art ^- encrypts the secret -key Ksei using the public -key Kbc of the data content 
dealing center: 

Detailed Description Text (248) : 

Then, the encryp ted editing scenario Cseiksei (shown as "sei" in the figure), the 
encrypted editor's data content Cmeiksei (shown as "mei" in the figure), and the 
e ncrypted secret -key Ckseikbc (shown as "ksei" in the figure) are transferred to 
the data co ntent dealing center. 

Detailed J)e script ion Text (249) : 

The secret -key Ksei may be prepared by the data content editor Ei, or the data 
content editor Ei may ask the key management center to generate it. In case the key 
. management center generates the secret -key Ksei, the generated secret -key Ksei is 
encry pted using the public -key Kbei of the data content editor Ei : ' . 

'Detailed D escription Text (250): 

and the encrypted secret -key Ckseikbei is distributed to the data content editor 
Ei . The data content editor Ei decrypts it using own private-key Kvei: 

De tailed Description Text (251) : 

and the decrypted secret -key Ksei is -used to encrypt the editing scenario Sei and 
tho data content editor's data content Medi. 

Det ailed Description Text (252) : 

The data content dealing center decrypts the transferred encrypted secret-key 
Ckseikbc using the private-key Kvc of the data content dealing center: 

Detailed Description Text (253) : 

Then, the encrypt ed editing scenario Cseiksei and the encrypted editor's data 
conten t Cmediksei are decrypted using the decrypted secret -key Ksei: 

Detailed Description Text (261) : 

The editing scenario seller Di, to whom it has been decided to sell., encrypts the 

secret-key Ksdi of the editing scenario seller Di using the public-key Kbc of the 
dats-. con tent dealing center: * ■ 

Detailed Description Text (263) : 

(8) The editing scenario market management center decrypts the presented encrypted 
secret-key Cksdikbc using the private-key Kvc of the data content dealing center: 

Detailed Description Text (264) : 

e ncrypts the editing scenario Sei and the editor's data content Medi using the 
decrypted secret-key Ksdi of the editing scenario seller Di : 
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Detailed Description Text (265) : 

and sends the encrypted editing scenario Cseiksdi and encrypted editor's data 
c ontent Cmediksdi to the editing scenario seller Di . 

Detailed Description Text (270) : 

To cope with such problems, adopting a copyright management program and re^ 
encryption of the data content is effective as the present inventor has proposed in 
the U.S. patent application Ser. No. 08/416,037 (EP 677949A2), and if adopting an 
arrangement referred to as a real-time OS or an embedded system which allows the 
copyright management program performing re-encryption to precede other application 
programs, the illegitimate use problems can be effectively avoided. 



Current 


US 


Cross 


Reference 


Classification 


(1) 


380/201 












Current 


US 


Cross 


Reference 


Classification 
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705/54 












Current 


US 
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Reference 


Classification 


(6) 


705/57 












Current 


US 


Cross 


Reference 


Classification 


(9) 



713/193 
CLAIMS : 

1, A method for dealing in data content using a data content dealing system,, in 
-which an original data content andean edited data content which a first user has 
edited are sold. in a network to a second user, whereby: 

said original data content comprises a data object; 

said edited data content comprises said data object" and an editing scenario 
describing editing details of said data object; 

said data content dealing system comprises a data content dealing center and a 
database; 

said data content dealing center comprises a key management center, a data content 
dealing management center and an editing scenario dealing management center; said 
method comprising the steps of : 

said key management center generating a secret-key, storing said secret -key and 
transferring of said secret -key; 

said data content dealing management center advertising and selling said data 
content stored in said database; 

said editing scenario dealing management center advertising and selling said 
editing scenario; 

said first user creating said edited data content by utilizing said original data 
content stored in said database, encrypting an editing scenario of said edited data 
content by a secret-key which is to be deposited in said database, and depositing 
said secret -key to said key management center; 

transferring said encrypted editing scenario and said secret-key to the second user 
who wishes to utilize said edited data content ; 
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said second user decrypting said encrypted editing scenario by said secret-key and 
re-constituting said edited data content according to said decrypted editing 
scenario. 

3. The method of claim 1, wherein said step of transferring said encrypted editing 
scenario and said secret key to said second user comprises transferring said 
original data content to said second user together with said encrypted editing 
scenario and said secret -key. 

4. A method of dealing in data content using a data content dealing system, in 
which a utilization right of an editing scenario of an edited data content which 
comprises an original data content edited by a data content editor is auctipned in 
a network to an editing scenario seller, whereby: 

said original data content comprises a data object; 

said edited data content comprises said data object and the editing scenario 
describing editing details of said data object; 

said data content dealing system comprises a data content dealing center and a 
database; 

said data content dealing center comprises a key management center, a data content 
dealing management center and an editing scenario market management center; said 
method comprising the steps of: 

said key management center generating a secret -key, storing said secret -key and 
transferring said secret -key; 

said data content dealing management center advertising and selling said original 
delta content stored in said database; 

said editing scenario market management center advertising and auctioning said 
editing scenario; 

said data content editor producing the edited data content by utilizing said 
original data content stored in said database, encrypting the editing scenario of 
said edited data content by a secret-key of said data content editor, depositing 
said encrypted editing scenario of said edited data contend to said database and 
depositing said secret -key with said key management center; 

auctioning said utilization right of said editing scenario to said editing scenario 
seller who wishes to sell said utilization right of said editing scenario; 

said editing scenario seller transferring a secret-key for said editing scenario to 
said key management center; 

said editing scenario market management center changing said secret -key for said 
editing scenario from the secret-key of said data content editor to the secret-key 
of said editing scenario seller. 
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File: USPT 



Sep 9, 1997 



DOCUMENT -IDENTIFIER: US 5666415 A 

TITLE: Method and apparatus for cryptographic authentication 



Application Filing Date (1) : 
19950728 

Detailed Description Text (5) : 

Server node 11 receives the secret sent by USER. sub.-- 1 10 and using the contents 
of table 15a in conjunction with the hashing functions 15b and 

encryption/decryption algorithms 15c # server node 11 determines whether USER. sub. -- 
1 10 is an authorized user. 

Detailed Description Text (21) : 

The first argument, which is a hash of a password using a third hashing function, 
provides protection against the server's database being compromised because an 
intruder accessing the contents of the database would be unable to determine the 
first argument which is to be provided by an authorized user. The database contains 
a second hash of the first argument, using a second hashing function. As hashes are 
one-way encryption algorithms, an intruder to the database would be unable to 
reverse the hash of the contents of the database, and as such would be unable to 
provide the proper first argument to the server. To check the validity of the first 
argument, the server applies a second hashing function to the first argument and 
compares the result to the server's database contents. 

Detailed Description Text (23) : 

The second argument provided by the user is a hash of a concatenation of a nonce 
and a hash of a password. When the user requests access to the server, the server 
provides the user a nonce which is a randomly selected number. As the nonce changes 
each time access is requested, an eavesdropper would be unable to gain sufficient 
information with which to provide a second argument during a subsequent exchange 
between the eavesdropper and the server. To check the validity of the second 
argument, the server accesses a first term in the database, which is a first hash 
of the user's password, and concatenates the current nonce, R, to the value and 
applies a fourth hash to the result of the concatenation comparing the result to 
the second argument sent by the user. 

Detailed Description Text (26) : 

Here, a first field 17a" of the table 15a" corresponds to a username or some 
identifying information. Typically, the identification information would be a 
user's first and/or last name or some combination thereof. The table 15a" includes 
a second field 17b" TERM. sub.-- 1 corresponding to an entry which is an encryption 
of a message where the message is a hash of a user's password, using a first hash 
function H.sub.l. The key under which the message is encrypted is a hash of a 
result of a concatenation between a hash of a user's password or other message, 
using a first hash function H.sub.l, and a nonce, the hash of the result of the 
concatenation using a second hash function H.sub.2. The contents of the second 
field 17b" is denoted as {H.sub.l (pwd) }H . sub . 2 

(R.sub.l .vert line. .vert line. H.sub.l (pwd)) where {H.sub.l (pwd)} is encrypted 
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using the key H.sub.2 (R.sub.l . vertline . . vertline . H . sub . 1 (pwd) ) . The table 15a" 
also includes a third field 17c" TERM. sub.-- 2 which corresponds to an entry which 
corresponds to a nonce, denoted as R.sub.l. 

Detailed Description Text (27) : 

The contents of table 15a" are changed as a result of two different occurrences. 
The first occurrence is when a user, such as USER. sub.-- 1 10, changes its 
password, (pwd), new values are determined for TERM . sub .- - 1 17b" and TERM. sub.-- 2 
17c" to reflect the change and table 15a" is updated with the new values. 

Detailed Description Text (35) : 

The server checks the user's response by decrypting a first term in the server 
database using the first argument provided by the user. The result of the 
decryption, which is a first hash of the user's password, is used to verify the 
second argument by concatenating the result of the decryption to a second nonce and 
applying a third hashing function to the result of the concatenation. Once the 
response has been verified, the server generates a new first nonce and updates the 
contents of the database accordingly. 

Detailed Description Text (37) : 

Here, a first field 17a 1 " of the table 15a'" corresponds to a username or some 
identifying information. Typically, the identification information would be a 
user's first and/or last name or some combination thereof. The table 15a'" includes 
a second field 17b'" corresponding to an entry which is an encryption of a message. 
Here, the message is a hash of a user's password or other message concatenated with 
a third nonce, using a first hash function H.sub.l. The key under which the message 
is encrypted is a hash of a result of a concatenation between a hash of a user's 
password or other message and a first nonce R.sub.l where the user's password is 
first concatenated with a third nonce R.sub.3 before being hashed using a first 
hashing function H.sub.l. The contents of the second field 17b'" is denoted as 
{H.sub.l (pwd. vertline . . vertline . R . sub . 3 ) }H.sub.2 

(R.sub.l .vertline . .vertline .H . sub . 1 (pwd. vertline . .vertline .R. sub. 3) ) where 
{H.sub.l (pwd. vertline. .vertline .R. sub. 3) } is encrypted using H.sub.2 
(R.sub.l .vertline. .vertline, H. sub. 1 (pwd .vertline . .vertline .R . sub . 3 ) ) as a key. 
The table 15a'" also includes a third field 17c'", which corresponds to an entry 
which is a first nonce, denoted as R.sub.l and a fourth field 17d'", which 
corresponds to an entry which is a third nonce, denoted as R.sub.3. 

Detailed Description Text (38) : 

Tne contents of table 15a'" are updated as a result of three different occurrences. 
The first occurrence takes place when a user, such as USER. sub.-- 1 10, changes its 
password, (pwd) . In response to the user selecting a new password, the server node 
11 selects several pairs of a new first nonce, R.sub.l, and a new third nonce, 
R.sub.3. These nonce pairs and the new user password are used by the server node 11 
to determine new values, called triplets, for the appropriate table 15a'" fields, 
17b'", 17c'" and 17d"'. One set of triplets is used to update the table 15a 1 " 
fields 17b'", 17c'" and 17d'". The remaining triplets are kept in reserve, that is 
stored somewhere separate from table 15a*" such that they are unlikely to be 
revealed even if table 15a' " is revealed. An example might be a backup tape of 
floppy disk stored in a safe. These remaining triplets are to be used if it is 
determined that table 15a'" has been compromised. 

Current US Cross Reference Classification (1) : 
380/28 

Current US Cross Reference Classification (2) : 
380/30 
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